From 9ba9b6c09d3a400a3613f95c2df8441d8cdac48e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Bj=C3=B6rn=20Esser?= Date: Thu, 10 Jun 2021 21:23:06 +0200 Subject: [PATCH] Change the default password hash method to yescrypt --- pam.spec | 5 ++++- password-auth.pamd | 2 +- system-auth.pamd | 2 +- 3 files changed, 6 insertions(+), 3 deletions(-) diff --git a/pam.spec b/pam.spec index aa57414..cace185 100644 --- a/pam.spec +++ b/pam.spec @@ -3,7 +3,7 @@ Summary: An extensible library which provides authentication for applications Name: pam Version: 1.5.1 -Release: 6%{?dist} +Release: 7%{?dist} # The library is BSD licensed with option to relicense as GPLv2+ # - this option is redundant as the BSD license allows that anyway. # pam_timestamp, pam_loginuid, and pam_console modules are GPLv2+. @@ -381,6 +381,9 @@ test "$FILE" != %{_sysconfdir}/authselect/fingerprint-auth && \ exit 0 %changelog +* Thu Jun 10 2021 Björn Esser - 1.5.1-7 +- Change the default password hash method to yescrypt + * Thu Jun 10 2021 Björn Esser - 1.5.1-6 - Add a patch to not use crypt_checksalt for password expiration Resolves: #1965345, #1967150 diff --git a/password-auth.pamd b/password-auth.pamd index 168639a..edca995 100644 --- a/password-auth.pamd +++ b/password-auth.pamd @@ -6,7 +6,7 @@ auth required pam_deny.so account required pam_unix.so password requisite pam_pwquality.so try_first_pass local_users_only retry=3 authtok_type= -password sufficient pam_unix.so try_first_pass use_authtok nullok sha512 shadow +password sufficient pam_unix.so try_first_pass use_authtok nullok yescrypt shadow password required pam_deny.so session optional pam_keyinit.so revoke diff --git a/system-auth.pamd b/system-auth.pamd index 168639a..edca995 100644 --- a/system-auth.pamd +++ b/system-auth.pamd 
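Review bot: The `yescrypt` keyword on the `password sufficient pam_unix.so` line (here and in the identical system-auth.pamd hunk) only selects the method for hashes written at the next password change, and nothing in the changed line or the changelog entry says so. Existing `$6$` sha512 entries in /etc/shadow keep verifying and are not rehashed, so an account stays on the old method until its password is changed. I would add a comment above the line in both files, e.g. `# yescrypt applies to newly set passwords only; existing sha512 hashes stay valid until the password is changed`. Hashes written outside this stack, by tools that follow `ENCRYPT_METHOD` in /etc/login.defs, are presumably untouched by this commit and would need a matching change for the default to be consistent.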
@@ -6,7 +6,7 @@ auth required pam_deny.so account required pam_unix.so password requisite pam_pwquality.so try_first_pass local_users_only retry=3 authtok_type= -password sufficient pam_unix.so try_first_pass use_authtok nullok sha512 shadow +password sufficient pam_unix.so try_first_pass use_authtok nullok yescrypt shadow password required pam_deny.so session optional pam_keyinit.so revoke
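Review bot: `yescrypt` on the `pam_unix.so` password line depends on the crypt backend that pam_unix is linked against being able to produce `$y$` hashes, and the visible pam.spec hunks only bump `Release` and the changelog. If the spec does not already carry a versioned dependency outside these hunks, consider adding one, e.g. `Requires: libxcrypt >= <first version with yescrypt support>`, so the package cannot land on a system where password changes would fail. The line also sets no `rounds=`, so the yescrypt cost is left at the library default; a short comment saying that is intentional would help whoever tunes it later.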